summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
-rw-r--r--src/lib/libssl/s3_srvr.c388
1 files changed, 322 insertions, 66 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 258af84867..99b6a86983 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#define REUSE_CIPHER_BUG 112#define REUSE_CIPHER_BUG
60#define NETSCAPE_HANG_BUG 113#define NETSCAPE_HANG_BUG
@@ -64,11 +117,12 @@
64#include <openssl/buffer.h> 117#include <openssl/buffer.h>
65#include <openssl/rand.h> 118#include <openssl/rand.h>
66#include <openssl/objects.h> 119#include <openssl/objects.h>
67#include <openssl/md5.h>
68#include <openssl/sha.h>
69#include <openssl/evp.h> 120#include <openssl/evp.h>
70#include <openssl/x509.h> 121#include <openssl/x509.h>
122#include <openssl/krb5_asn.h>
71#include "ssl_locl.h" 123#include "ssl_locl.h"
124#include "kssl_lcl.h"
125#include <openssl/md5.h>
72 126
73static SSL_METHOD *ssl3_get_server_method(int ver); 127static SSL_METHOD *ssl3_get_server_method(int ver);
74static int ssl3_get_client_hello(SSL *s); 128static int ssl3_get_client_hello(SSL *s);
@@ -110,7 +164,7 @@ int ssl3_accept(SSL *s)
110 { 164 {
111 BUF_MEM *buf; 165 BUF_MEM *buf;
112 unsigned long l,Time=time(NULL); 166 unsigned long l,Time=time(NULL);
113 void (*cb)()=NULL; 167 void (*cb)(const SSL *ssl,int type,int val)=NULL;
114 long num1; 168 long num1;
115 int ret= -1; 169 int ret= -1;
116 int new_state,state,skip=0; 170 int new_state,state,skip=0;
@@ -125,8 +179,8 @@ int ssl3_accept(SSL *s)
125 cb=s->ctx->info_callback; 179 cb=s->ctx->info_callback;
126 180
127 /* init things to blank */ 181 /* init things to blank */
128 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
129 s->in_handshake++; 182 s->in_handshake++;
183 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
130 184
131 if (s->cert == NULL) 185 if (s->cert == NULL)
132 { 186 {
@@ -154,7 +208,7 @@ int ssl3_accept(SSL *s)
154 208
155 if ((s->version>>8) != 3) 209 if ((s->version>>8) != 3)
156 { 210 {
157 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_INTERNAL_ERROR); 211 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
158 return -1; 212 return -1;
159 } 213 }
160 s->type=SSL_ST_ACCEPT; 214 s->type=SSL_ST_ACCEPT;
@@ -180,21 +234,23 @@ int ssl3_accept(SSL *s)
180 goto end; 234 goto end;
181 } 235 }
182 236
183 /* Ok, we now need to push on a buffering BIO so that
184 * the output is sent in a way that TCP likes :-)
185 */
186 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
187
188 s->init_num=0; 237 s->init_num=0;
189 238
190 if (s->state != SSL_ST_RENEGOTIATE) 239 if (s->state != SSL_ST_RENEGOTIATE)
191 { 240 {
241 /* Ok, we now need to push on a buffering BIO so that
242 * the output is sent in a way that TCP likes :-)
243 */
244 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
245
192 ssl3_init_finished_mac(s); 246 ssl3_init_finished_mac(s);
193 s->state=SSL3_ST_SR_CLNT_HELLO_A; 247 s->state=SSL3_ST_SR_CLNT_HELLO_A;
194 s->ctx->stats.sess_accept++; 248 s->ctx->stats.sess_accept++;
195 } 249 }
196 else 250 else
197 { 251 {
252 /* s->state == SSL_ST_RENEGOTIATE,
253 * we will just send a HelloRequest */
198 s->ctx->stats.sess_accept_renegotiate++; 254 s->ctx->stats.sess_accept_renegotiate++;
199 s->state=SSL3_ST_SW_HELLO_REQ_A; 255 s->state=SSL3_ST_SW_HELLO_REQ_A;
200 } 256 }
@@ -215,9 +271,7 @@ int ssl3_accept(SSL *s)
215 271
216 case SSL3_ST_SW_HELLO_REQ_C: 272 case SSL3_ST_SW_HELLO_REQ_C:
217 s->state=SSL_ST_OK; 273 s->state=SSL_ST_OK;
218 ret=1; 274 break;
219 goto end;
220 /* break; */
221 275
222 case SSL3_ST_SR_CLNT_HELLO_A: 276 case SSL3_ST_SR_CLNT_HELLO_A:
223 case SSL3_ST_SR_CLNT_HELLO_B: 277 case SSL3_ST_SR_CLNT_HELLO_B:
@@ -226,6 +280,7 @@ int ssl3_accept(SSL *s)
226 s->shutdown=0; 280 s->shutdown=0;
227 ret=ssl3_get_client_hello(s); 281 ret=ssl3_get_client_hello(s);
228 if (ret <= 0) goto end; 282 if (ret <= 0) goto end;
283 s->new_session = 2;
229 s->state=SSL3_ST_SW_SRVR_HELLO_A; 284 s->state=SSL3_ST_SW_SRVR_HELLO_A;
230 s->init_num=0; 285 s->init_num=0;
231 break; 286 break;
@@ -262,7 +317,15 @@ int ssl3_accept(SSL *s)
262 317
263 /* clear this, it may get reset by 318 /* clear this, it may get reset by
264 * send_server_key_exchange */ 319 * send_server_key_exchange */
265 if (s->options & SSL_OP_EPHEMERAL_RSA) 320 if ((s->options & SSL_OP_EPHEMERAL_RSA)
321#ifndef OPENSSL_NO_KRB5
322 && !(l & SSL_KRB5)
323#endif /* OPENSSL_NO_KRB5 */
324 )
325 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
326 * even when forbidden by protocol specs
327 * (handshake may fail as clients are not required to
328 * be able to handle this) */
266 s->s3->tmp.use_rsa_tmp=1; 329 s->s3->tmp.use_rsa_tmp=1;
267 else 330 else
268 s->s3->tmp.use_rsa_tmp=0; 331 s->s3->tmp.use_rsa_tmp=0;
@@ -304,7 +367,9 @@ int ssl3_accept(SSL *s)
304 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) && 367 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
305 /* ... except when the application insists on verification 368 /* ... except when the application insists on verification
306 * (against the specs, but s3_clnt.c accepts this for SSL 3) */ 369 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
307 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) 370 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
371 /* never request cert in Kerberos ciphersuites */
372 (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
308 { 373 {
309 /* no cert request */ 374 /* no cert request */
310 skip=1; 375 skip=1;
@@ -456,18 +521,25 @@ int ssl3_accept(SSL *s)
456 /* remove buffering on output */ 521 /* remove buffering on output */
457 ssl_free_wbio_buffer(s); 522 ssl_free_wbio_buffer(s);
458 523
459 s->new_session=0;
460 s->init_num=0; 524 s->init_num=0;
461 525
462 ssl_update_cache(s,SSL_SESS_CACHE_SERVER); 526 if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
463 527 {
464 s->ctx->stats.sess_accept_good++; 528 /* actually not necessarily a 'new' session unless
465 /* s->server=1; */ 529 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
466 s->handshake_func=ssl3_accept; 530
467 ret=1; 531 s->new_session=0;
468 532
469 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 533 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
470 534
535 s->ctx->stats.sess_accept_good++;
536 /* s->server=1; */
537 s->handshake_func=ssl3_accept;
538
539 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
540 }
541
542 ret = 1;
471 goto end; 543 goto end;
472 /* break; */ 544 /* break; */
473 545
@@ -500,9 +572,9 @@ int ssl3_accept(SSL *s)
500end: 572end:
501 /* BIO_flush(s->wbio); */ 573 /* BIO_flush(s->wbio); */
502 574
575 s->in_handshake--;
503 if (cb != NULL) 576 if (cb != NULL)
504 cb(s,SSL_CB_ACCEPT_EXIT,ret); 577 cb(s,SSL_CB_ACCEPT_EXIT,ret);
505 s->in_handshake--;
506 return(ret); 578 return(ret);
507 } 579 }
508 580
@@ -533,11 +605,13 @@ static int ssl3_check_client_hello(SSL *s)
533 int ok; 605 int ok;
534 long n; 606 long n;
535 607
608 /* this function is called when we really expect a Certificate message,
609 * so permit appropriate message length */
536 n=ssl3_get_message(s, 610 n=ssl3_get_message(s,
537 SSL3_ST_SR_CERT_A, 611 SSL3_ST_SR_CERT_A,
538 SSL3_ST_SR_CERT_B, 612 SSL3_ST_SR_CERT_B,
539 -1, 613 -1,
540 SSL3_RT_MAX_PLAIN_LENGTH, 614 s->max_cert_list,
541 &ok); 615 &ok);
542 if (!ok) return((int)n); 616 if (!ok) return((int)n);
543 s->s3->tmp.reuse_message = 1; 617 s->s3->tmp.reuse_message = 1;
@@ -547,7 +621,7 @@ static int ssl3_check_client_hello(SSL *s)
547 * which will now be aborted. (A full SSL_clear would be too much.) 621 * which will now be aborted. (A full SSL_clear would be too much.)
548 * I hope that tmp.dh is the only thing that may need to be cleared 622 * I hope that tmp.dh is the only thing that may need to be cleared
549 * when a handshake is not completed ... */ 623 * when a handshake is not completed ... */
550#ifndef NO_DH 624#ifndef OPENSSL_NO_DH
551 if (s->s3->tmp.dh != NULL) 625 if (s->s3->tmp.dh != NULL)
552 { 626 {
553 DH_free(s->s3->tmp.dh); 627 DH_free(s->s3->tmp.dh);
@@ -588,13 +662,25 @@ static int ssl3_get_client_hello(SSL *s)
588 &ok); 662 &ok);
589 663
590 if (!ok) return((int)n); 664 if (!ok) return((int)n);
591 d=p=(unsigned char *)s->init_buf->data; 665 d=p=(unsigned char *)s->init_msg;
592 666
593 /* use version from inside client hello, not from record header 667 /* use version from inside client hello, not from record header
594 * (may differ: see RFC 2246, Appendix E, second paragraph) */ 668 * (may differ: see RFC 2246, Appendix E, second paragraph) */
595 s->client_version=(((int)p[0])<<8)|(int)p[1]; 669 s->client_version=(((int)p[0])<<8)|(int)p[1];
596 p+=2; 670 p+=2;
597 671
672 if (s->client_version < s->version)
673 {
674 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
675 if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
676 {
677 /* similar to ssl3_get_record, send alert using remote version number */
678 s->version = s->client_version;
679 }
680 al = SSL_AD_PROTOCOL_VERSION;
681 goto f_err;
682 }
683
598 /* load the client random */ 684 /* load the client random */
599 memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); 685 memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
600 p+=SSL3_RANDOM_SIZE; 686 p+=SSL3_RANDOM_SIZE;
@@ -603,7 +689,15 @@ static int ssl3_get_client_hello(SSL *s)
603 j= *(p++); 689 j= *(p++);
604 690
605 s->hit=0; 691 s->hit=0;
606 if (j == 0) 692 /* Versions before 0.9.7 always allow session reuse during renegotiation
693 * (i.e. when s->new_session is true), option
694 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
695 * Maybe this optional behaviour should always have been the default,
696 * but we cannot safely change the default behaviour (or new applications
697 * might be written that become totally unsecure when compiled with
698 * an earlier library version)
699 */
700 if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
607 { 701 {
608 if (!ssl_get_new_session(s,1)) 702 if (!ssl_get_new_session(s,1))
609 goto err; 703 goto err;
@@ -633,7 +727,7 @@ static int ssl3_get_client_hello(SSL *s)
633 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); 727 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
634 goto f_err; 728 goto f_err;
635 } 729 }
636 if ((i+p) > (d+n)) 730 if ((p+i) >= (d+n))
637 { 731 {
638 /* not enough data */ 732 /* not enough data */
639 al=SSL_AD_DECODE_ERROR; 733 al=SSL_AD_DECODE_ERROR;
@@ -690,6 +784,13 @@ static int ssl3_get_client_hello(SSL *s)
690 784
691 /* compression */ 785 /* compression */
692 i= *(p++); 786 i= *(p++);
787 if ((p+i) > (d+n))
788 {
789 /* not enough data */
790 al=SSL_AD_DECODE_ERROR;
791 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
792 goto f_err;
793 }
693 q=p; 794 q=p;
694 for (j=0; j<i; j++) 795 for (j=0; j<i; j++)
695 { 796 {
@@ -737,7 +838,7 @@ static int ssl3_get_client_hello(SSL *s)
737 /* TLS does not mind if there is extra stuff */ 838 /* TLS does not mind if there is extra stuff */
738 if (s->version == SSL3_VERSION) 839 if (s->version == SSL3_VERSION)
739 { 840 {
740 if (p > (d+n)) 841 if (p < (d+n))
741 { 842 {
742 /* wrong number of bytes, 843 /* wrong number of bytes,
743 * there could be more to follow */ 844 * there could be more to follow */
@@ -747,7 +848,7 @@ static int ssl3_get_client_hello(SSL *s)
747 } 848 }
748 } 849 }
749 850
750 /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must 851 /* Given s->session->ciphers and SSL_get_ciphers, we must
751 * pick a cipher */ 852 * pick a cipher */
752 853
753 if (!s->hit) 854 if (!s->hit)
@@ -764,7 +865,7 @@ static int ssl3_get_client_hello(SSL *s)
764 } 865 }
765 ciphers=NULL; 866 ciphers=NULL;
766 c=ssl3_choose_cipher(s,s->session->ciphers, 867 c=ssl3_choose_cipher(s,s->session->ciphers,
767 ssl_get_ciphers_by_id(s)); 868 SSL_get_ciphers(s));
768 869
769 if (c == NULL) 870 if (c == NULL)
770 { 871 {
@@ -919,14 +1020,14 @@ static int ssl3_send_server_done(SSL *s)
919 1020
920static int ssl3_send_server_key_exchange(SSL *s) 1021static int ssl3_send_server_key_exchange(SSL *s)
921 { 1022 {
922#ifndef NO_RSA 1023#ifndef OPENSSL_NO_RSA
923 unsigned char *q; 1024 unsigned char *q;
924 int j,num; 1025 int j,num;
925 RSA *rsa; 1026 RSA *rsa;
926 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1027 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
927 unsigned int u; 1028 unsigned int u;
928#endif 1029#endif
929#ifndef NO_DH 1030#ifndef OPENSSL_NO_DH
930 DH *dh=NULL,*dhp; 1031 DH *dh=NULL,*dhp;
931#endif 1032#endif
932 EVP_PKEY *pkey; 1033 EVP_PKEY *pkey;
@@ -940,6 +1041,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
940 BUF_MEM *buf; 1041 BUF_MEM *buf;
941 EVP_MD_CTX md_ctx; 1042 EVP_MD_CTX md_ctx;
942 1043
1044 EVP_MD_CTX_init(&md_ctx);
943 if (s->state == SSL3_ST_SW_KEY_EXCH_A) 1045 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
944 { 1046 {
945 type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; 1047 type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
@@ -949,7 +1051,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
949 1051
950 r[0]=r[1]=r[2]=r[3]=NULL; 1052 r[0]=r[1]=r[2]=r[3]=NULL;
951 n=0; 1053 n=0;
952#ifndef NO_RSA 1054#ifndef OPENSSL_NO_RSA
953 if (type & SSL_kRSA) 1055 if (type & SSL_kRSA)
954 { 1056 {
955 rsa=cert->rsa_tmp; 1057 rsa=cert->rsa_tmp;
@@ -964,7 +1066,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
964 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY); 1066 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
965 goto f_err; 1067 goto f_err;
966 } 1068 }
967 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); 1069 RSA_up_ref(rsa);
968 cert->rsa_tmp=rsa; 1070 cert->rsa_tmp=rsa;
969 } 1071 }
970 if (rsa == NULL) 1072 if (rsa == NULL)
@@ -979,7 +1081,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
979 } 1081 }
980 else 1082 else
981#endif 1083#endif
982#ifndef NO_DH 1084#ifndef OPENSSL_NO_DH
983 if (type & SSL_kEDH) 1085 if (type & SSL_kEDH)
984 { 1086 {
985 dhp=cert->dh_tmp; 1087 dhp=cert->dh_tmp;
@@ -997,7 +1099,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
997 if (s->s3->tmp.dh != NULL) 1099 if (s->s3->tmp.dh != NULL)
998 { 1100 {
999 DH_free(dh); 1101 DH_free(dh);
1000 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_INTERNAL_ERROR); 1102 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1001 goto err; 1103 goto err;
1002 } 1104 }
1003 1105
@@ -1083,19 +1185,19 @@ static int ssl3_send_server_key_exchange(SSL *s)
1083 { 1185 {
1084 /* n is the length of the params, they start at &(d[4]) 1186 /* n is the length of the params, they start at &(d[4])
1085 * and p points to the space at the end. */ 1187 * and p points to the space at the end. */
1086#ifndef NO_RSA 1188#ifndef OPENSSL_NO_RSA
1087 if (pkey->type == EVP_PKEY_RSA) 1189 if (pkey->type == EVP_PKEY_RSA)
1088 { 1190 {
1089 q=md_buf; 1191 q=md_buf;
1090 j=0; 1192 j=0;
1091 for (num=2; num > 0; num--) 1193 for (num=2; num > 0; num--)
1092 { 1194 {
1093 EVP_DigestInit(&md_ctx,(num == 2) 1195 EVP_DigestInit_ex(&md_ctx,(num == 2)
1094 ?s->ctx->md5:s->ctx->sha1); 1196 ?s->ctx->md5:s->ctx->sha1, NULL);
1095 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1197 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1096 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1198 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1097 EVP_DigestUpdate(&md_ctx,&(d[4]),n); 1199 EVP_DigestUpdate(&md_ctx,&(d[4]),n);
1098 EVP_DigestFinal(&md_ctx,q, 1200 EVP_DigestFinal_ex(&md_ctx,q,
1099 (unsigned int *)&i); 1201 (unsigned int *)&i);
1100 q+=i; 1202 q+=i;
1101 j+=i; 1203 j+=i;
@@ -1111,11 +1213,11 @@ static int ssl3_send_server_key_exchange(SSL *s)
1111 } 1213 }
1112 else 1214 else
1113#endif 1215#endif
1114#if !defined(NO_DSA) 1216#if !defined(OPENSSL_NO_DSA)
1115 if (pkey->type == EVP_PKEY_DSA) 1217 if (pkey->type == EVP_PKEY_DSA)
1116 { 1218 {
1117 /* lets do DSS */ 1219 /* lets do DSS */
1118 EVP_SignInit(&md_ctx,EVP_dss1()); 1220 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
1119 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1221 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1120 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1222 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1121 EVP_SignUpdate(&md_ctx,&(d[4]),n); 1223 EVP_SignUpdate(&md_ctx,&(d[4]),n);
@@ -1148,10 +1250,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
1148 } 1250 }
1149 1251
1150 s->state = SSL3_ST_SW_KEY_EXCH_B; 1252 s->state = SSL3_ST_SW_KEY_EXCH_B;
1253 EVP_MD_CTX_cleanup(&md_ctx);
1151 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1254 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1152f_err: 1255f_err:
1153 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1256 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1154err: 1257err:
1258 EVP_MD_CTX_cleanup(&md_ctx);
1155 return(-1); 1259 return(-1);
1156 } 1260 }
1157 1261
@@ -1249,28 +1353,31 @@ static int ssl3_get_client_key_exchange(SSL *s)
1249 long n; 1353 long n;
1250 unsigned long l; 1354 unsigned long l;
1251 unsigned char *p; 1355 unsigned char *p;
1252#ifndef NO_RSA 1356#ifndef OPENSSL_NO_RSA
1253 RSA *rsa=NULL; 1357 RSA *rsa=NULL;
1254 EVP_PKEY *pkey=NULL; 1358 EVP_PKEY *pkey=NULL;
1255#endif 1359#endif
1256#ifndef NO_DH 1360#ifndef OPENSSL_NO_DH
1257 BIGNUM *pub=NULL; 1361 BIGNUM *pub=NULL;
1258 DH *dh_srvr; 1362 DH *dh_srvr;
1259#endif 1363#endif
1364#ifndef OPENSSL_NO_KRB5
1365 KSSL_ERR kssl_err;
1366#endif /* OPENSSL_NO_KRB5 */
1260 1367
1261 n=ssl3_get_message(s, 1368 n=ssl3_get_message(s,
1262 SSL3_ST_SR_KEY_EXCH_A, 1369 SSL3_ST_SR_KEY_EXCH_A,
1263 SSL3_ST_SR_KEY_EXCH_B, 1370 SSL3_ST_SR_KEY_EXCH_B,
1264 SSL3_MT_CLIENT_KEY_EXCHANGE, 1371 SSL3_MT_CLIENT_KEY_EXCHANGE,
1265 400, /* ???? */ 1372 2048, /* ??? */
1266 &ok); 1373 &ok);
1267 1374
1268 if (!ok) return((int)n); 1375 if (!ok) return((int)n);
1269 p=(unsigned char *)s->init_buf->data; 1376 p=(unsigned char *)s->init_msg;
1270 1377
1271 l=s->s3->tmp.new_cipher->algorithms; 1378 l=s->s3->tmp.new_cipher->algorithms;
1272 1379
1273#ifndef NO_RSA 1380#ifndef OPENSSL_NO_RSA
1274 if (l & SSL_kRSA) 1381 if (l & SSL_kRSA)
1275 { 1382 {
1276 /* FIX THIS UP EAY EAY EAY EAY */ 1383 /* FIX THIS UP EAY EAY EAY EAY */
@@ -1377,7 +1484,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1377 } 1484 }
1378 else 1485 else
1379#endif 1486#endif
1380#ifndef NO_DH 1487#ifndef OPENSSL_NO_DH
1381 if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1488 if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
1382 { 1489 {
1383 n2s(p,i); 1490 n2s(p,i);
@@ -1440,16 +1547,165 @@ static int ssl3_get_client_key_exchange(SSL *s)
1440 } 1547 }
1441 else 1548 else
1442#endif 1549#endif
1550#ifndef OPENSSL_NO_KRB5
1551 if (l & SSL_kKRB5)
1552 {
1553 krb5_error_code krb5rc;
1554 krb5_data enc_ticket;
1555 krb5_data authenticator;
1556 krb5_data enc_pms;
1557 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1558 EVP_CIPHER_CTX ciph_ctx;
1559 EVP_CIPHER *enc = NULL;
1560 unsigned char iv[EVP_MAX_IV_LENGTH];
1561 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
1562 + EVP_MAX_IV_LENGTH + 1];
1563 int padl, outl = sizeof(pms);
1564 krb5_timestamp authtime = 0;
1565 krb5_ticket_times ttimes;
1566
1567 EVP_CIPHER_CTX_init(&ciph_ctx);
1568
1569 if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
1570
1571 n2s(p,i);
1572 enc_ticket.length = i;
1573 enc_ticket.data = (char *)p;
1574 p+=enc_ticket.length;
1575
1576 n2s(p,i);
1577 authenticator.length = i;
1578 authenticator.data = (char *)p;
1579 p+=authenticator.length;
1580
1581 n2s(p,i);
1582 enc_pms.length = i;
1583 enc_pms.data = (char *)p;
1584 p+=enc_pms.length;
1585
1586 if (n != enc_ticket.length + authenticator.length +
1587 enc_pms.length + 6)
1588 {
1589 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1590 SSL_R_DATA_LENGTH_TOO_LONG);
1591 goto err;
1592 }
1593
1594 if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
1595 &kssl_err)) != 0)
1596 {
1597#ifdef KSSL_DEBUG
1598 printf("kssl_sget_tkt rtn %d [%d]\n",
1599 krb5rc, kssl_err.reason);
1600 if (kssl_err.text)
1601 printf("kssl_err text= %s\n", kssl_err.text);
1602#endif /* KSSL_DEBUG */
1603 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1604 kssl_err.reason);
1605 goto err;
1606 }
1607
1608 /* Note: no authenticator is not considered an error,
1609 ** but will return authtime == 0.
1610 */
1611 if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
1612 &authtime, &kssl_err)) != 0)
1613 {
1614#ifdef KSSL_DEBUG
1615 printf("kssl_check_authent rtn %d [%d]\n",
1616 krb5rc, kssl_err.reason);
1617 if (kssl_err.text)
1618 printf("kssl_err text= %s\n", kssl_err.text);
1619#endif /* KSSL_DEBUG */
1620 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1621 kssl_err.reason);
1622 goto err;
1623 }
1624
1625 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
1626 {
1627 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc);
1628 goto err;
1629 }
1630
1631#ifdef KSSL_DEBUG
1632 kssl_ctx_show(kssl_ctx);
1633#endif /* KSSL_DEBUG */
1634
1635 enc = kssl_map_enc(kssl_ctx->enctype);
1636 if (enc == NULL)
1637 goto err;
1638
1639 memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
1640
1641 if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
1642 {
1643 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1644 SSL_R_DECRYPTION_FAILED);
1645 goto err;
1646 }
1647 if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
1648 (unsigned char *)enc_pms.data, enc_pms.length))
1649 {
1650 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1651 SSL_R_DECRYPTION_FAILED);
1652 goto err;
1653 }
1654 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
1655 {
1656 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1657 SSL_R_DATA_LENGTH_TOO_LONG);
1658 goto err;
1659 }
1660 if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
1661 {
1662 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1663 SSL_R_DECRYPTION_FAILED);
1664 goto err;
1665 }
1666 outl += padl;
1667 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
1668 {
1669 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1670 SSL_R_DATA_LENGTH_TOO_LONG);
1671 goto err;
1672 }
1673 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
1674
1675 s->session->master_key_length=
1676 s->method->ssl3_enc->generate_master_secret(s,
1677 s->session->master_key, pms, outl);
1678
1679 if (kssl_ctx->client_princ)
1680 {
1681 int len = strlen(kssl_ctx->client_princ);
1682 if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
1683 {
1684 s->session->krb5_client_princ_len = len;
1685 memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
1686 }
1687 }
1688
1689
1690 /* Was doing kssl_ctx_free() here,
1691 ** but it caused problems for apache.
1692 ** kssl_ctx = kssl_ctx_free(kssl_ctx);
1693 ** if (s->kssl_ctx) s->kssl_ctx = NULL;
1694 */
1695 }
1696 else
1697#endif /* OPENSSL_NO_KRB5 */
1443 { 1698 {
1444 al=SSL_AD_HANDSHAKE_FAILURE; 1699 al=SSL_AD_HANDSHAKE_FAILURE;
1445 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE); 1700 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1701 SSL_R_UNKNOWN_CIPHER_TYPE);
1446 goto f_err; 1702 goto f_err;
1447 } 1703 }
1448 1704
1449 return(1); 1705 return(1);
1450f_err: 1706f_err:
1451 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1707 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1452#if !defined(NO_DH) || !defined(NO_RSA) 1708#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
1453err: 1709err:
1454#endif 1710#endif
1455 return(-1); 1711 return(-1);
@@ -1520,7 +1776,7 @@ static int ssl3_get_cert_verify(SSL *s)
1520 } 1776 }
1521 1777
1522 /* we now have a signature that we need to verify */ 1778 /* we now have a signature that we need to verify */
1523 p=(unsigned char *)s->init_buf->data; 1779 p=(unsigned char *)s->init_msg;
1524 n2s(p,i); 1780 n2s(p,i);
1525 n-=2; 1781 n-=2;
1526 if (i > n) 1782 if (i > n)
@@ -1538,7 +1794,7 @@ static int ssl3_get_cert_verify(SSL *s)
1538 goto f_err; 1794 goto f_err;
1539 } 1795 }
1540 1796
1541#ifndef NO_RSA 1797#ifndef OPENSSL_NO_RSA
1542 if (pkey->type == EVP_PKEY_RSA) 1798 if (pkey->type == EVP_PKEY_RSA)
1543 { 1799 {
1544 i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, 1800 i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
@@ -1559,7 +1815,7 @@ static int ssl3_get_cert_verify(SSL *s)
1559 } 1815 }
1560 else 1816 else
1561#endif 1817#endif
1562#ifndef NO_DSA 1818#ifndef OPENSSL_NO_DSA
1563 if (pkey->type == EVP_PKEY_DSA) 1819 if (pkey->type == EVP_PKEY_DSA)
1564 { 1820 {
1565 j=DSA_verify(pkey->save_type, 1821 j=DSA_verify(pkey->save_type,
@@ -1576,7 +1832,7 @@ static int ssl3_get_cert_verify(SSL *s)
1576 else 1832 else
1577#endif 1833#endif
1578 { 1834 {
1579 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_INTERNAL_ERROR); 1835 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
1580 al=SSL_AD_UNSUPPORTED_CERTIFICATE; 1836 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
1581 goto f_err; 1837 goto f_err;
1582 } 1838 }
@@ -1605,11 +1861,7 @@ static int ssl3_get_client_certificate(SSL *s)
1605 SSL3_ST_SR_CERT_A, 1861 SSL3_ST_SR_CERT_A,
1606 SSL3_ST_SR_CERT_B, 1862 SSL3_ST_SR_CERT_B,
1607 -1, 1863 -1,
1608#if defined(MSDOS) && !defined(WIN32) 1864 s->max_cert_list,
1609 1024*30, /* 30k max cert list :-) */
1610#else
1611 1024*100, /* 100k max cert list :-) */
1612#endif
1613 &ok); 1865 &ok);
1614 1866
1615 if (!ok) return((int)n); 1867 if (!ok) return((int)n);
@@ -1640,7 +1892,7 @@ static int ssl3_get_client_certificate(SSL *s)
1640 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); 1892 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
1641 goto f_err; 1893 goto f_err;
1642 } 1894 }
1643 d=p=(unsigned char *)s->init_buf->data; 1895 d=p=(unsigned char *)s->init_msg;
1644 1896
1645 if ((sk=sk_X509_new_null()) == NULL) 1897 if ((sk=sk_X509_new_null()) == NULL)
1646 { 1898 {
@@ -1760,9 +2012,13 @@ int ssl3_send_server_certificate(SSL *s)
1760 if (s->state == SSL3_ST_SW_CERT_A) 2012 if (s->state == SSL3_ST_SW_CERT_A)
1761 { 2013 {
1762 x=ssl_get_server_send_cert(s); 2014 x=ssl_get_server_send_cert(s);
1763 if (x == NULL) 2015 if (x == NULL &&
2016 /* VRS: allow null cert if auth == KRB5 */
2017 (s->s3->tmp.new_cipher->algorithms
2018 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
2019 != (SSL_aKRB5|SSL_kKRB5))
1764 { 2020 {
1765 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,SSL_R_INTERNAL_ERROR); 2021 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
1766 return(0); 2022 return(0);
1767 } 2023 }
1768 2024
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 02:56:05 +0000